ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool DreamBot

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: DreamBot

NamesDreamBot
CategoryMalware
TypeBanking trojan, Info stealer, Credential stealer, Botnet
Description(Proofpoint) The Dreambot malware is still in active development and over the last few months we have seen multiple versions of it spreading in the wild. The Tor-enabled version of Dreambot has been active since at least July 2016, when we first observed the malware successfully download the Tor client and connect to the Tor network. Today, many Dreambot samples include this functionality, but few use it as their primary mode of communication with their command and control (C&C) infrastructure. However, in the future this feature may be utilized much more frequently, creating additional problems for defenders.
Information<https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality>
<https://lokalhost.pl/gozi_tree.txt>
MITRE ATT&CK<https://attack.mitre.org/software/S0386>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.dreambot>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=DreamBot>

Last change to this tool card: 13 October 2023

Download this tool card in JSON format

All groups using tool DreamBot

ChangedNameCountryObserved

Unknown groups

X_[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]